Jump to content

Recommended Posts

Hello guys. 

 

I have computer A & B & C.

All computers have unique LOCAL ADMIN and DOMAIN. 

 

Does one of you know a way/tool/trick to do RunAs with my actual LOCAL ADMIN > AND :

$x = RunAs (@Comspec , ... "MKDIR > COPY FILE" )

"MKDIR > COPY FILE" ;This part have to be under target's local admin rights. 

 

My issue is I don't have a way to mkdir if my target got a different local admin account. 
The mkdir command actually inherits of RunAs Rights.

So if anyone of you know a way to do a directory and a copy with RunAs and to specify the target Admin please let me know :( 

Edited by caramen

My video tutorials : ( In construction )  || My Discord : https://discord.gg/S9AnwHw

How to Ask Help ||  UIAutomation From Junkew || WebDriver From Danp2 || And Water's UDFs in the Quote

Spoiler

 Water's UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Link to post
Share on other sites
  • Moderators

You're going to have to figure out what the name of the local admin is first, plain and simple. If it is truly the Local (Built-In) administrator, you have a couple of options:

  • doing a wmic query for the well-known local admin SID
  • pulling it out of the registry under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList,
  • even running an embedded Get-LocalUser PS (though I am loathe to do cross-language scripting usually).

The problem you'll run into using any of these methods is they all take elevation to perform, which makes performing them a moot point. If you have supplied creds to elevate the script to find the local admin account, you might as well just use the supplied creds to create your directory.

Your other option would be to use PSExec to run as SYSTEM, but IIRC, you would still need an account with administrative rights on the box to launch PSExec in that context.

 

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Link to post
Share on other sites
51 minutes ago, JLogan3o13 said:

The problem you'll run into using any of these methods is they all take elevation to perform, which makes performing them a moot point. If you have supplied creds to elevate the script to find the local admin account, you might as well just use the supplied creds to create your directory.

Your other option would be to use PSExec to run as SYSTEM, but IIRC, you would still need an account with administrative rights on the box to launch PSExec in that context.

I don't mind elevating the script or anything else. I made this tool for an IT team. They have all account, and they've provided me with them.

Btw PSexec isn't the issue because I can specify the Username for the used command and pw and domain. Which is not the case for mkdir or Robocopy, I'm just requesting a tool to do a DirCopy/robocopy or MKdir with the same syntax username pw and domain

Oh!!!!!!!!!!!!! :frantics: Answering you made me find a workarround... :D I will try but keep considering this thread unsolved.

And maybe my domain account will make it too. But I'm on this issue and would like to find how to do without it.

Edited by caramen

My video tutorials : ( In construction )  || My Discord : https://discord.gg/S9AnwHw

How to Ask Help ||  UIAutomation From Junkew || WebDriver From Danp2 || And Water's UDFs in the Quote

Spoiler

 Water's UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Link to post
Share on other sites

Hey,

Just a thought. Since these PCs are on a domain (even if different ones), can you not ask for a standard user account be created (perhaps with same name and password) on all 3 domains and added to Local admins for those PCs only using Group Policy? Should take a few minutes to set up by a domain admin.

Link to post
Share on other sites
10 minutes ago, GokAy said:

Hey,

Just a thought. Since these PCs are on a domain (even if different ones), can you not ask for a standard user account be created (perhaps with same name and password) on all 3 domains and added to Local admins for those PCs only using Group Policy? Should take a few minutes to set up by a domain admin.

No we have more 15k ++ laptop/. I don't want to ask for a GPO

@GokAy Edit for you : My customer does want about me to NOT request anything from other entity in that group. The politic's context is very special x)... 

Edited by caramen

My video tutorials : ( In construction )  || My Discord : https://discord.gg/S9AnwHw

How to Ask Help ||  UIAutomation From Junkew || WebDriver From Danp2 || And Water's UDFs in the Quote

Spoiler

 Water's UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Link to post
Share on other sites
  • Moderators
7 minutes ago, caramen said:

No we have more 15k ++ laptop/. I don't want to ask for a GPO

Why not? I was taking this to be a bunch of different PCs, since you said they have their own unique admin account AND domain. But if they are all on the same, GPO is purpose-built for this.

 

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Link to post
Share on other sites
1 minute ago, JLogan3o13 said:

Why not?

9 minutes ago, caramen said:

@GokAy Edit for you : My customer does want about me to NOT request anything from other entity in that group. The politic's context is very special x)... 

My video tutorials : ( In construction )  || My Discord : https://discord.gg/S9AnwHw

How to Ask Help ||  UIAutomation From Junkew || WebDriver From Danp2 || And Water's UDFs in the Quote

Spoiler

 Water's UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Link to post
Share on other sites
23 minutes ago, GokAy said:

Just a thought. Since these PCs are on a domain (even if different ones), can you not ask for a standard user account be created (perhaps with same name and password)

BTW this workaround can be done by myself, doing it on my domain/laptop only. 

(It means : also on all computers that would use my tool this is not a problem I can ask my technicians to make the account on their computers).

But the problem remain the same, without a tool that allow me to do the needed syntax(Or I'm wrong ???), I won't be able to use my admin account with a second one. 

PS: Don't forget : I have to use my admin account for the RunAs

I thought about that and I made 3 local admins on my laptop. In the logic it is the same. And the issue was same I'm stuck. I'm thinking I'm thinking....

I detail what I did : 

I made a local account with admin rights on my laptop same username & password. 

I RunAs : UsernameA with PasswordA and DomainA : My robocopy to ComputerB from DomainB. It remains denied. But it works if the computers are on the same domain. 

And doing it manually with windows comon interface work too. I can access to c$ domain A to B without any issue.

Edited by caramen

My video tutorials : ( In construction )  || My Discord : https://discord.gg/S9AnwHw

How to Ask Help ||  UIAutomation From Junkew || WebDriver From Danp2 || And Water's UDFs in the Quote

Spoiler

 Water's UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Link to post
Share on other sites

Just to clarify, we are talking about 3 PCs only, right?

JLogan's suggestion about PSExec seems reasonable then? One of the many pages about its usage:

https://www.lifewire.com/psexec-4587631

Check it out, maybe you will find it usable.

Also, there used to be admin shares if you remember (C$, D$ etc.). Maybe you can also utilize them?

Edited by GokAy
Added Admin Share possibility
Link to post
Share on other sites

Psexec don't have in the syntax a parameter to transfer a full directory. This is why I need MKDir and robocopy before my psexec (or anything else btw...)

-w  Sets the working directory of the process (relative to remote computer).

 

Edited by caramen

My video tutorials : ( In construction )  || My Discord : https://discord.gg/S9AnwHw

How to Ask Help ||  UIAutomation From Junkew || WebDriver From Danp2 || And Water's UDFs in the Quote

Spoiler

 Water's UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Link to post
Share on other sites

You could start a script on the target machine with psexec, no? Say if it is on a network share or something? Maybe use a parameter for the directory and what-not.

I mean, use psexec to start the script that will mkdir/copy, not the command directly for mkdir/copy.

Edit to elaborate on the process:

1. Main script will psexec to the target machine with target machine local admin account

2. Main script will send psexec command to start the mkdir/copy script which may be on an accessible network share with the parameters (i.e, mkdir folder and other mkdir/copy parameters)

3. Target machine will start the mkdir/copy script locally according to supplied parameters

Edited by GokAy
Link to post
Share on other sites
11 minutes ago, GokAy said:

You could start a script on the target machine with psexec, no? Say if it is on a network share or something? Maybe use a parameter for the directory and what-not.

I mean, use psexec to start the script that will mkdir/copy, not the command directly for mkdir/copy.

This is what I thought. I will try that yep. I'm still wondering how to get the sources needed. And network share seem to be the best option. It's already set. 

In a not close future I will be able to ask for a GPO.

But I think I will need a better option for sources that cannot be accessed by the end users.

 

Maybe I could turn the question differently then, is there any cmd tool to copy files into system directory with a non-elevated cmd ?

 

Edited by caramen

My video tutorials : ( In construction )  || My Discord : https://discord.gg/S9AnwHw

How to Ask Help ||  UIAutomation From Junkew || WebDriver From Danp2 || And Water's UDFs in the Quote

Spoiler

 Water's UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Link to post
Share on other sites

I think I find that : 

I will make a shared folder for all domain 

PSexec inside it and nothing else (more secure and easy to do than whole access to sources. 

I will run the PSexec Copy on the target computer

I will make a PSexec of another PSexec process which will perform task on itself with local rights. That should work for the mkdir. And since all commands from there will be able to be run with other's account. I will do it for all the rest.

        $iResult = RunAs( $UsernameA , _
            @ComputerName , _
            $PasswordA , _
            1 , _
            @ComSpec & ' /c PSexec.exe \\ComputerB -u UsernameB -p PasswordB -i -s -d "PSexec.exe -u USERNAME -p PASSWORD robocopy C:\Data\Source1  C:\temptest /E /R:2" ', _
            @SystemDir, _
            @SW_HIDE , _
            BitOR($STDERR_CHILD, $STDOUT_CHILD) )

This should work because this is working on my computer 

psexec -u Caramen -p xxxxxx calc.exe

  So Here I got a way to use 2 account. I will try and give feedback. I have test environment rdy I will do that tomorrow morning.

 

 

Edited by caramen

My video tutorials : ( In construction )  || My Discord : https://discord.gg/S9AnwHw

How to Ask Help ||  UIAutomation From Junkew || WebDriver From Danp2 || And Water's UDFs in the Quote

Spoiler

 Water's UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...